From owner-freebsd-geom@FreeBSD.ORG  Sun Apr  8 12:27:36 2007
Return-Path: <owner-freebsd-geom@FreeBSD.ORG>
X-Original-To: freebsd-geom@freebsd.org
Delivered-To: freebsd-geom@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
	by hub.freebsd.org (Postfix) with ESMTP id 58EDD16A400
	for <freebsd-geom@freebsd.org>; Sun,  8 Apr 2007 12:27:36 +0000 (UTC)
	(envelope-from fbsd06@mlists.homeunix.com)
Received: from mxout-03.mxes.net (mxout-03.mxes.net [216.86.168.178])
	by mx1.freebsd.org (Postfix) with ESMTP id 31ACD13C484
	for <freebsd-geom@freebsd.org>; Sun,  8 Apr 2007 12:27:36 +0000 (UTC)
	(envelope-from fbsd06@mlists.homeunix.com)
Received: from gumby.homeunix.com (unknown [87.81.140.128])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by smtp.mxes.net (Postfix) with ESMTP id D4AAE5193D
	for <freebsd-geom@freebsd.org>; Sun,  8 Apr 2007 08:27:34 -0400 (EDT)
Date: Sun, 8 Apr 2007 13:27:31 +0100
From: RW <fbsd06@mlists.homeunix.com>
To: freebsd-geom@freebsd.org
Message-ID: <20070408132731.442d1d39@gumby.homeunix.com>
In-Reply-To: <20070408023450.GV63916@garage.freebsd.pl>
References: <20070408005942.48c10ea8@gumby.homeunix.com>
	<20070408003233.GT63916@garage.freebsd.pl>
	<20070408033114.128f7da8@gumby.homeunix.com>
	<20070408023450.GV63916@garage.freebsd.pl>
X-Mailer: Claws Mail 2.8.1 (GTK+ 2.10.11; i386-portbld-freebsd6.2)
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Subject: Re: Geli Encrypted DVDs
X-BeenThere: freebsd-geom@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: GEOM-specific discussions and implementations
	<freebsd-geom.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-geom>,
	<mailto:freebsd-geom-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-geom>
List-Post: <mailto:freebsd-geom@freebsd.org>
List-Help: <mailto:freebsd-geom-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-geom>,
	<mailto:freebsd-geom-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 08 Apr 2007 12:27:36 -0000

On Sun, 8 Apr 2007 04:34:50 +0200
Pawel Jakub Dawidek <pjd@FreeBSD.org> wrote:

> On Sun, Apr 08, 2007 at 03:31:14AM +0100, RW wrote:
> > On Sun, 8 Apr 2007 02:32:33 +0200
> > Pawel Jakub Dawidek <pjd@FreeBSD.org> wrote:
> > 
> > > On Sun, Apr 08, 2007 at 12:59:42AM +0100, RW wrote:
> > > > 
> > > > In the questions list Roland Smith suggested that a geli
> > > > encrypted dvd could be created by burning the backing file from
> > > > an geli encrypted md device as a disk image. 
> > > > 
> > > > We were neither able to attach the DVD device though, see:
> > > > 
> > > > http://lists.freebsd.org/pipermail/freebsd-questions/2007-March/145433.html
> > > > 
> > > > Does anyone know if this can be made to work?
> > > > 
> > > > FWIW I have no problem putting a UFS2 filesystem on a DVD-R
> > > > without geli.
> > > 
> > > Could you give me the output of:
> > > 
> > > 	# ls -l $HOME/backupDVD.img 
> > > 	# diskinfo -v /dev/acd0
> > > 	# geli dump /dev/acd0
> > > 
> > 
> > 
> > # ls -l /home/t/dvd.img
> > -rw-r--r--  1 bob  bob  4613734400 Mar 21 13:15 /home/t/dvd.img
> > 
> > # diskinfo -v /dev/acd0
> > /dev/acd0
> >         2048            # sectorsize
> >         4613734400      # mediasize in bytes (4.3G)
> >         2252800         # mediasize in sectors
> > 
> > # geli dump /dev/acd0
> > Cannot read metadata from /dev/acd0: Invalid argument.
> > Not fully done.
> > 
> >  -------------------------------------------------
> > 
> > If I run the last command on the image file's md device instead:
> > 
> > # geli dump /dev/md0
> > Metadata on /dev/md0:
> >      magic: GEOM::ELI
> >    version: 3
> >      flags: 0x0
> >      ealgo: AES-CBC
> >     keylen: 256
> >   provsize: 4613734400
> > sectorsize: 512
> 
> The problem is different size between CD and your image. Try to create
> image with -S 2048 option.
> 

Thanks, that worked.

For the benefit of anyone trying this, the -S 2048 option is to
mdconfig. If you just use  geli init -s 2048 without setting the sector
size in  mdconfig, the dvd device fails to attach.

mdconfig(8) is a bit misleading  when it defines:

"-S sectorsize
             Sectorsize to use for malloc backed device."